Channel: Plugin Vulnerabilities

WP Tavern’s Nathan Wrigley Highlights Duo of Companies Handling Security Badly as Example of Providing Better Security Outcomes


A new legal filing from lawyers representing Matt Mullenweg claims that he loves the WordPress community. That is hard to square with so much of what he does. For more than a decade, he has run a WordPress news outlet that fails to follow the basic journalistic standard of disclosing when it is covering its owner and related parties. That outlet is the WP Tavern, which is also included, again without disclosure, in the WordPress news feed that he controls. In addition to its news coverage, the WP Tavern has a podcast hosted by Nathan Wrigley. He isn’t someone who has shown any concern for the accuracy of what he covers. The latest podcast episode shows that off.

Before we get into the podcast episode, let’s step back in time to April 2022. That month, hackers started targeting a vulnerability in the very popular Elementor plugin. The vulnerability allowed arbitrary code to be run on the website by anyone logged in to WordPress with any user role that had access to the admin area of WordPress. Normally anyone logged in to WordPress has access to the admin area. That vulnerability was caused in part by Elementor failing to implement a very basic security check to make sure only a user with an intended capability could access the functionality. Another part of the cause was that Elementor was leaking a security nonce to users that shouldn’t have had access to it.

